Reconfigure Microsoft Exchange Server to Use a Fully Qualified Domain Name

Hi.
I have 2 clients running exchange server 2010.  
I needed to upgrade their exchange ssl certificates.  I was told when I was renewing them that certs can no longer contain the local name of the exchange server.  
So I renewed the certificates with only the outside domain name mail.yourcompany.com
I ran these commands in the exchange shell:

To change the Autodiscover URL, type the following command, and then press Enter:
    Set-ClientAccessServer -Identity main-fs -AutodiscoverServiceInternalUri https://mail.mycompany.com/autodiscover/autodiscover.xml

    To change the InternalUrl attribute of the EWS, type the following command, and then press Enter:
    Set-WebServicesVirtualDirectory -Identity "main-fs\EWS (Default Web Site)" -InternalUrl https://mail.mycompany.com/ews/exchange.asmx

    To change the InternalUrl attribute for Web-based Offline Address Book distribution, type the following command, and then press Enter:
    Set-OABVirtualDirectory -Identity "main-fs\oab (Default Web Site)" -InternalUrl https://mail.mycompany.com/oab
   
    To recycle the application pools, open IIS Manager.
    Expand the local computer, and then expand Application Pools.
    Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Today the users are complaining about a cert popup in their local outlook clients.  

What do I need to do to fix this?

Wes
hmcnastyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
This is happening because you have not setup split dns in your internal domain. ONce you have setup Split DNS this cert popup issue will be resolved. I have created a HowTo for setting this up.

You also need to make sure that ALL internalURL's for all virtual directories have the same FQDN as external,  not just the ones that you have referenced in your question.

Configure Split DNS and Virtual Directories
http://www.wsit.ca/how-tos/exchange-server-2/configure-split-dns-and-exchange-2013-virtual-directories/

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hmcnastyAuthor Commented:
Thanks Will.  
When I put in the new zone name is it mail.mycompany.com or just mycompany.com?

Odd that godadddy did say I needed to do any of this for it to work.  Although not surprising I guess
0
Will SzymkowskiSenior Solution ArchitectCommented:
You would create a new zone on your interal DNS for mycompany.com. Then you would create a Host (A) record for mail.mycompany.com and a cname for autodiscover.domain.com.

Will.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

hmcnastyAuthor Commented:
never mind on that last question. I'll keep you posted
0
hmcnastyAuthor Commented:
Ok done.  Do I need to adjust the clients at all?
0
hmcnastyAuthor Commented:
Thanks Will.  This seems to work when I recreate the profiles manually using mail.mycompany.com However on the current clients the es reads exchangeserver.local
0
Will SzymkowskiSenior Solution ArchitectCommented:
on client that are not working have you tried to run Test Email Auto Config to see if you are getting the correct URL's from Autodiscover?

This should not be required to re-create all of the profiles.

Will.
0
hmcnastyAuthor Commented:
i think its ok now.  I created a new user in ad and a new mailbox ran outlook and it set it  up with no issues.   I think what gets me is if I go into the account properties i see the local name of the exchange server instead of mail.mydomain.com under the server name.
Does that matter?
0
hmcnastyAuthor Commented:
of course i'm speaking about internal users
0
hmcnastyAuthor Commented:
it is using autodiscover through the test email auto config
0
hmcnastyAuthor Commented:
Hi Will.  It seems that some folks are still getting the cert error, however I created a new account and i don't get it.
The test email auto config shows the correct OWA link
The only thing that still shows the local server name in under protocol: Exchange PC
0
Will SzymkowskiSenior Solution ArchitectCommented:
If you reload the profile for the users that are having this issue does it work for them?

Something seems to be cached on the machine.

Will.
0
hmcnastyAuthor Commented:
I'm gonna try that next.  That has to be it.  Everything seems to be in place.

Wes
0
hmcnastyAuthor Commented:
Thanks Will.  This works great.

Wes
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.